Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/574b70d3-7c8b-4429-9717-a92ab32ff7c2.roa
File:                     574b70d3-7c8b-4429-9717-a92ab32ff7c2.roa (raw, json)
Hash identifier:          u1r5xdDuWqn6rsr/3HlBe9O6UZLyDnw52kPpNhhEbFI=
Subject key identifier:   43:FF:24:11:38:33:AE:D4:D0:48:1E:CC:B3:13:E5:E6:0D:A1:E0:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       625CDE366BA18C8C4FFFCC9AFBB97F2908C411CC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/574b70d3-7c8b-4429-9717-a92ab32ff7c2.roa
Signing time:             Mon 20 Oct 2025 17:54:33 +0000
ROA not before:           Mon 20 Oct 2025 17:54:33 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.173.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:5c:de:36:6b:a1:8c:8c:4f:ff:cc:9a:fb:b9:7f:29:08:c4:11:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 17:54:33 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=ec07193449e94811ab0ef1d92ace073eb4da9edac094afd64de16a65976c5b3b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:22:81:28:8d:69:59:2d:19:92:96:e3:d5:df:
                    a0:7d:47:9e:13:4f:67:33:91:00:67:11:70:ff:7a:
                    67:1f:1c:38:b4:16:ba:7e:a2:dc:fc:99:b7:87:a8:
                    42:6e:75:74:17:ab:bc:42:38:f1:41:ec:6c:c5:fc:
                    f2:1f:5d:1a:d0:32:8e:7d:d8:bd:34:5c:0b:21:64:
                    97:c8:81:be:14:f8:38:fa:69:99:64:d7:85:f1:23:
                    c4:c6:ec:b4:b2:24:f0:8b:df:65:84:fd:4a:6e:76:
                    23:49:8e:c2:bd:63:c1:22:c0:3b:6c:6a:5a:15:da:
                    b0:74:0f:2c:7a:0e:bd:d7:4c:4c:ba:93:0b:08:c5:
                    5f:f2:84:13:63:ae:f5:f3:85:c7:57:a0:5d:bb:8e:
                    dc:f5:a4:fe:ed:1e:8b:22:6a:07:70:cb:c5:4a:c3:
                    14:a0:ce:7c:5c:ba:ac:d2:ac:6d:e3:31:ed:c8:f7:
                    91:87:56:57:4c:f2:90:8a:a2:d0:6e:01:b3:84:f3:
                    33:2e:cc:6a:cb:26:c0:ca:f4:bc:d8:3c:f5:5b:b1:
                    b2:9f:92:97:e3:17:71:1d:d2:36:6b:a8:78:62:e4:
                    4c:35:ce:bd:d3:dc:6d:4d:b5:b0:58:a3:e3:93:70:
                    1d:ea:b3:3c:81:28:c9:ab:93:02:e9:86:1d:81:93:
                    dd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FF:24:11:38:33:AE:D4:D0:48:1E:CC:B3:13:E5:E6:0D:A1:E0:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/574b70d3-7c8b-4429-9717-a92ab32ff7c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.173.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:46:68:11:69:e0:a1:95:b2:56:86:ea:d5:4a:6b:60:c3:d8:
         5f:8c:a1:80:25:c3:85:6b:8c:1b:d2:bb:96:74:9a:2a:eb:b9:
         f6:67:08:3a:09:c5:49:97:2d:1f:d5:30:39:a3:4f:c5:a6:3b:
         95:1f:b6:7b:f3:f6:e2:c0:5e:50:13:18:2d:68:33:a1:43:e5:
         6c:d3:59:40:5f:4d:65:71:1b:b6:65:d6:5d:e7:90:62:ee:bd:
         f7:28:be:c2:6e:ce:55:c4:68:ee:b9:3c:12:4c:e6:97:81:c3:
         68:76:58:9c:cd:4d:24:98:93:6f:ac:e5:5f:33:92:f3:f2:66:
         57:12:b3:2f:4d:05:53:12:50:71:7a:81:75:94:a6:f0:4e:41:
         32:6e:51:42:c5:85:42:65:63:a0:65:6b:fc:b9:8c:e4:0e:0e:
         19:ea:2f:24:4a:c3:fe:b1:cb:af:c3:78:fc:7d:29:e0:5d:3c:
         79:91:68:50:48:e8:40:fd:91:ab:20:3a:15:68:75:41:f1:13:
         a5:f6:46:ce:6d:85:ce:42:d6:50:e1:c8:d2:c0:84:dd:36:70:
         9b:44:f6:82:72:18:f4:02:e3:0e:c0:e2:b7:41:62:09:d3:2d:
         84:e3:e1:a3:89:38:7f:4d:55:55:af:42:e9:2f:ea:7d:13:d5:
         f5:0c:7b:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYlzeNmuhjIxP/8ya+7l/KQjEEcwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMTc1NDMzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzA3MTkzNDQ5ZTk0ODExYWIwZWYxZDkyYWNlMDczZWI0
ZGE5ZWRhYzA5NGFmZDY0ZGUxNmE2NTk3NmM1YjNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcIoEojWlZLRmSluPV36B9R54TT2czkQBnEXD/emcfHDi0
Frp+otz8mbeHqEJudXQXq7xCOPFB7GzF/PIfXRrQMo592L00XAshZJfIgb4U+Dj6
aZlk14XxI8TG7LSyJPCL32WE/UpudiNJjsK9Y8EiwDtsaloV2rB0Dyx6Dr3XTEy6
kwsIxV/yhBNjrvXzhcdXoF27jtz1pP7tHosiagdwy8VKwxSgznxcuqzSrG3jMe3I
95GHVldM8pCKotBuAbOE8zMuzGrLJsDK9LzYPPVbsbKfkpfjF3Ed0jZrqHhi5Ew1
zr3T3G1NtbBYo+OTcB3qszyBKMmrkwLphh2Bk90LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ/8kETgzrtTQSB7MsxPl5g2h4MowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU3NGI3MGQzLTdjOGItNDQyOS05NzE3LWE5MmFiMzJmZjdjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDrUQwDQYJKoZIhvcNAQELBQADggEBAJBGaBFp4KGVslaG6tVKa2DD2F+M
oYAlw4VrjBvSu5Z0mirrufZnCDoJxUmXLR/VMDmjT8WmO5Uftnvz9uLAXlATGC1o
M6FD5WzTWUBfTWVxG7Zl1l3nkGLuvfcovsJuzlXEaO65PBJM5peBw2h2WJzNTSSY
k2+s5V8zkvPyZlcSsy9NBVMSUHF6gXWUpvBOQTJuUULFhUJlY6Bla/y5jOQODhnq
LyRKw/6xy6/DePx9KeBdPHmRaFBI6ED9kasgOhVodUHxE6X2Rs5thc5C1lDhyNLA
hN02cJtE9oJyGPQC4w7A4rdBYgnTLYTj4aOJOH9NVVWvQukv6n0T1fUMe94=
-----END CERTIFICATE-----